Cornucopia - Ecommerce Website - CR 4
Paulo can access data in transit that is not encrypted, even though the channel is encrypted.
Data may be use encryption in transit like Transport Layer Security (TLS). However, an attacker may have legitimate access to this (e.g. viewing SSL content in a web browser). Consider whether the data transmitted also needs to be encrypted itself, not just sent using an encrypted protocol.
|OWASP SCP||OWASP ASVS||OWASP AppSensor||CAPEC||SAFECODE|